Windows 7 RC, Vista Hit By Critical Security Vulnerability

Microsoft has announced that it has discovered a new security hole that could help hackers seize complete control over PCs running newer iterations of Windows operating systems.

This could turn out to be a major setback for Microsoft as it readies for the launch of Windows 7 next month.

The security flaw, which affects Windows Vista, Windows Server 2008, and the release candidate version of Windows 7, resides in the implementation of Server Message Block (SMB), a network file sharing technology used in the latest versions of the operating systems.

According to a Microsoft security advisory released on Tuesday, "An attacker who successfully exploited this vulnerability could take complete control of an affected system. Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart".

Microsoft was quick to respond to reports of Windows 7 RC being affected, saying the bug does not affect the RTM build of the OS, the version being shipped to stores.

Previously, the bug was assumed only to cause an incapacitating ‘blue screen of death’, but with the recent Tuesday patch from Microsoft, it was revealed that in some cases it could even be exploited to remotely execute malicious code on affected machines.

The vulnerability has been closed in the final iteration of the Windows 7 OS, leaving the other Windows versions still vulnerable to the flaw.

Our Comments

This is the type of vulnerability that would affect only a small fraction of a user base but which ends up being magnified by the press, for better or worse. Like the Intel Pentium bug a few years ago, the costs of damage are likely to be negligible, but RC users should upgrade to the RTM version or upgrade altogether.
